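I. NFS volumes
A Kubernetes NFS volume mounts storage exported by a pre-existing NFS server into a pod for its containers to use.
Unlike emptyDir, an NFS volume is only unmounted, not deleted, when the Pod object terminates. NFS is also a filesystem-level sharing service, so it supports multiple concurrent mount requests.
1. Field reference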
[root@master ~]# kubectl explain pod.spec.volumes.nfs
KIND:     Pod
VERSION:  v1
RESOURCE: nfs <Object>
DESCRIPTION:
     NFS represents an NFS mount on the host that shares a pod's lifetime More
     info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
     Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do
     not support ownership management or SELinux relabeling.
FIELDS:
   path <string> -required-
     # Filesystem path exported by the NFS server; required field
     Path that is exported by the NFS server. More info:
     https://kubernetes.io/docs/concepts/storage/volumes#nfs
   readOnly <boolean>
     # Whether to mount read-only; defaults to false
     ReadOnly here will force the NFS export to be mounted with read-only
     permissions. Defaults to false. More info:
     https://kubernetes.io/docs/concepts/storage/volumes#nfs
   server <string> -required-
     # IP address of the NFS server; required field
     Server is the hostname or IP address of the NFS server. More info:
     https://kubernetes.io/docs/concepts/storage/volumes#nfs
2. Manifest
[root@master chapter7]# cat vol-nfs1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: vol-nfs-pod
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    volumeMounts:
    - name: html
      mountPath: /usr/share/nginx/html
  volumes:
  - name: html
    nfs:
      path: /data/volumes
      server: node2
3. Setting up the NFS server
yum install nfs-utils rpcbind -y    # install on all nodes
[root@node2 volumes]# cat /etc/exports
/data/volumes 192.168.118.0/24 (rw,no_root_squash)
# start the rpcbind service
systemctl restart rpcbind
# start the NFS server
systemctl restart nfs-server
[root@node2 volumes]# showmount -e
Export list for node2:
/data/volumes (everyone)
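The export line above has a space between the client network and the option list. Under exports(5) the options then apply to every host while 192.168.118.0/24 gets the defaults, which is why showmount reports (everyone). The check below is an added example, not part of the original article; parse_exports and lint_exports are hypothetical names, and quoted paths containing spaces are not handled.

```python
import re

# One client spec from exports(5): host, host(opts), or a bare (opts).
SPEC = re.compile(r"^(?P<client>[^()]*)(?:\((?P<opts>[^()]*)\))?$")
WORLD = {"", "*"}  # an empty client name matches every host, like "*"

def parse_exports(text):
    """Return [(path, [(client, options), ...])], one item per export line."""
    exports = []
    for line in text.replace("\\\n", " ").splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        specs = []
        for token in fields[1:]:
            m = SPEC.match(token)
            if m:
                opts = {o for o in (m["opts"] or "").split(",") if o}
                specs.append((m["client"], opts))
        exports.append((fields[0], specs))
    return exports

def lint_exports(text):
    """Return (path, client, issue) tuples for risky export specs."""
    findings = []
    for path, specs in parse_exports(text):
        for i, (client, opts) in enumerate(specs):
            shown = client or "<every host>"
            # A bare "(opts)" right after an option-less client is a stray space.
            if client == "" and i > 0 and not specs[i - 1][1]:
                findings.append((path, specs[i - 1][0],
                                 "space before '(': options apply to every host"))
            if client in WORLD and "rw" in opts:
                findings.append((path, shown, "read-write to every host"))
            if "no_root_squash" in opts:
                findings.append((path, shown, "no_root_squash set"))
    return findings

# The export line as shown in /etc/exports above, and the same line without the space.
AS_SHOWN = "/data/volumes 192.168.118.0/24 (rw,no_root_squash)\n"
NO_SPACE = "/data/volumes 192.168.118.0/24(rw,no_root_squash)\n"

if __name__ == "__main__":
    for label, text in (("as shown", AS_SHOWN), ("no space", NO_SPACE)):
        for finding in lint_exports(text):
            print(label, finding)
```

With the space removed, the export is limited to 192.168.118.0/24; no_root_squash is still reported because root on any client in that network acts as root on the export.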
4. Home page on the export
[root@node2 volumes]# ls
index.html
[root@node2 volumes]# pwd
/data/volumes
[root@node2 volumes]# cat index.html
<h1>NFS node2</h1>
5. Create and run vol-nfs1.yaml
[root@master chapter7]# kubectl get pods
NAME               READY   STATUS    RESTARTS   AGE
pod-example        1/1     Running   1          9d
vol-emptydir-pod   2/2     Running   0          5d1h
vol-hostpath-pod   1/1     Running   0          4d22h
[root@master chapter7]# kubectl apply -f vol-nfs1.yaml
pod/vol-nfs-pod created
[root@master chapter7]# kubectl get pods -o wide
NAME               READY   STATUS    RESTARTS   AGE     IP            NODE    NOMINATED NODE   READINESS GATES
pod-example        1/1     Running   1          9d      10.244.2.9    node2   <none>           <none>
vol-emptydir-pod   2/2     Running   0          5d1h    10.244.2.68   node2   <none>           <none>
vol-hostpath-pod   1/1     Running   0          4d22h   10.244.1.43   node1   <none>           <none>
vol-nfs-pod        1/1     Running   0          4m24s   10.244.1.50   node1   <none>           <none>
[root@master chapter7]# curl 10.244.1.50
<h1>NFS node2</h1>
6. Data persists after the pod is deleted
To test data persistence, delete the pod resource vol-nfs-pod, recreate it, and check whether the data is still accessible.
[root@master chapter7]# kubectl delete -f vol-nfs1.yaml
pod "vol-nfs-pod" deleted
[root@master chapter7]# kubectl get pods -o wide
NAME               READY   STATUS    RESTARTS   AGE     IP            NODE    NOMINATED NODE   READINESS GATES
pod-example        1/1     Running   1          9d      10.244.2.9    node2   <none>           <none>
vol-emptydir-pod   2/2     Running   0          5d1h    10.244.2.68   node2   <none>           <none>
vol-hostpath-pod   1/1     Running   0          4d22h   10.244.1.43   node1   <none>           <none>
[root@master chapter7]# kubectl apply -f vol-nfs1.yaml
pod/vol-nfs-pod created
[root@master chapter7]# kubectl get pods -o wide
NAME               READY   STATUS    RESTARTS   AGE     IP            NODE    NOMINATED NODE   READINESS GATES
pod-example        1/1     Running   1          9d      10.244.2.9    node2   <none>           <none>
vol-emptydir-pod   2/2     Running   0          5d1h    10.244.2.68   node2   <none>           <none>
vol-hostpath-pod   1/1     Running   0          4d22h   10.244.1.43   node1   <none>           <none>
vol-nfs-pod        1/1     Running   0          6s      10.244.1.51   node1   <none>           <none>
[root@master chapter7]# curl 10.244.1.51
<h1>NFS node2</h1>
Make sure beforehand that an NFS server named nfs.ilinux.io exists, that it exports the /data/redis directory, and that the nodes of the Kubernetes cluster are authorized to access it. The host and directory can both be adjusted as needed.
As the commands above show, the previously created key mykey and its data still exist after the pod resource is rebuilt. This shows that when a pod resource is deleted, its associated external storage volume is not deleted with it. If such data needs to be cleared, the user has to do it manually through the storage system's management interface.
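II. RBD volumes
1. Prerequisites for configuring a pod to use an RBD volume
- An available Ceph RBD storage cluster exists; otherwise one has to be created
- A storage image (image) that meets the pod's data storage needs has been created in the Ceph cluster
- The Ceph client package (ceph-common) is installed on every node of the Kubernetes cluster
2. Field reference
When configuring an RBD volume you need to specify the target servers to connect to, the authentication information and so on. This is usually done with the following nested fields.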
[root@master ~]# kubectl explain pod.spec.volumes.rbd
KIND:     Pod
VERSION:  v1
RESOURCE: rbd <Object>
DESCRIPTION:
     RBD represents a Rados Block Device mount on the host that shares a pod's
     lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
     Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD
     volumes support ownership management and SELinux relabeling.
FIELDS:
   fsType <string>
     # Filesystem type of the volume to mount; it must at least be one the node's operating system supports, e.g. "ext4", "xfs", "ntfs". Defaults to "ext4"
     Filesystem type of the volume that you want to mount. Tip: Ensure that the
     filesystem type is supported by the host operating system. Examples:
     "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
     More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
   image <string> -required-
     # Name of the rados image; required field
     The rados image name. More info:
     https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
   keyring <string>
     # Path of the keyring file used for RBD user authentication; defaults to /etc/ceph/keyring
     Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring.
     More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
   monitors <[]string> -required-
     # Ceph monitors, as a comma-separated list of strings; required field
     A collection of Ceph monitors. More info:
     https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
   pool <string>
     # Name of the rados pool; defaults to rbd
     The rados pool name. Default is rbd. More info:
     https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
   readOnly <boolean>
     # Whether to access the volume read-only
     ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to
     false. More info:
     https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
   secretRef <Object>
     # Secret object holding the credentials used for RBD user authentication; overrides the key information supplied by the keyring field
     SecretRef is name of the authentication secret for RBDUser. If provided
     overrides keyring. Default is nil. More info:
     https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
   user <string>
     # rados user name; defaults to admin
     The rados user name. Default is admin. More info:
     https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
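3. Lab architecture diagram

This example depends on a pre-existing Ceph storage cluster.
It assumes that the monitors are at the three host IPs 172.16.0.56, 172.16.0.57 and 172.16.0.58,
and that the storage pool kube on the cluster contains a pre-created image named redis, which uses the ext4 filesystem.
A Ceph client has to authenticate before it can access the cluster. In this example the credentials are stored in a Secret resource object named ceph-secret.
4. Example manifest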
[root@master chapter7]# cat vol-rbd.yaml
apiVersion: v1
kind: Pod
metadata:
  name: vol-rbd-pod
spec:
  containers:
  - name: redis
    image: redis:4-alpine
    ports:
    - containerPort: 6379
      name: redisport
    volumeMounts:
    - mountPath: /data
      name: redis-rbd-vol
  volumes:
  - name: redis-rbd-vol
    rbd:
      monitors:
      - '172.16.0.56:6789'
      - '172.16.0.57:6789'
      - '172.16.0.58:6789'
      pool: kube
      image: redis
      fsType: ext4
      readOnly: false
      user: admin
      secretRef:
        name: ceph-secret
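III. GlusterFS volumes
To configure a pod resource to use a GlusterFS volume, the following prerequisites must be met beforehand.
1. Prerequisites
1. An available GlusterFS storage cluster exists; otherwise one has to be created
2. A volume that meets the pod's data storage needs has been created in the GlusterFS cluster
3. The GlusterFS client packages (glusterfs and glusterfs-fuse) are installed on every node of the Kubernetes cluster
4. In addition, to use dynamic provisioning of volumes based on GlusterFS, heketi must also be deployed beforehand; it provides a RESTful management interface for the GlusterFS cluster
2. Field reference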
[root@master ~]# kubectl explain pod.spec.volumes.glusterfs
KIND:     Pod
VERSION:  v1
RESOURCE: glusterfs <Object>
DESCRIPTION:
     Glusterfs represents a Glusterfs mount on the host that shares a pod's
     lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
     Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs
     volumes do not support ownership management or SELinux relabeling.
FIELDS:
   endpoints <string> -required-
     # Name of the Endpoints resource; it must exist beforehand and supplies some of the Gluster cluster's nodes as the access entry point; required field
     EndpointsName is the endpoint name that details Glusterfs topology. More
     info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
   path <string> -required-
     # Path of the volume in the glusterfs cluster to use, e.g. kube-redis; required field
     Path is the Glusterfs volume path. More info:
     https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
   readOnly <boolean>
     # Whether the volume is read-only
     ReadOnly here will force the Glusterfs volume to be mounted with read-only
     permissions. Defaults to false. More info:
     https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
3. Manifest
[root@master chapter7]# cat vol-glusterfs.yaml
apiVersion: v1
kind: Pod
metadata:
  name: vol-glusterfs-pod
  labels:
    app: redis
spec:
  containers:
  - name: redis
    image: redis:alpine
    ports:
    - containerPort: 6379
      name: redisport
    volumeMounts:
    - mountPath: /data
      name: redisdata
  volumes:
  - name: redisdata
    glusterfs:
      endpoints: glusterfs-endpoints
      path: kube-redis
      readOnly: false
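vol-glusterfs.yaml uses a glusterfs volume to persist application data. It joins the cluster through the GlusterFS node information defined in the glusterfs-endpoints resource and uses the kube-redis volume as the pod's storage volume. The glusterfs-endpoints resource has to be created in the Kubernetes cluster beforehand, and kube-redis has to be created beforehand in the Gluster cluster.
4. Create and run
The node information used to access the Gluster cluster has to be saved beforehand in a specific Endpoints resource, such as the glusterfs-endpoints resource referenced in the example above. Such Endpoints resources can be created manually by the user as needed. For example, the resource below, saved in the file glusterfs-endpoints.yaml, defines three access nodes of the Gluster storage cluster: gfs01.ilinux.io, gfs01.ilinux.io and gfs03.ilinux.io. The port information is there only to satisfy the required field of the Endpoints resource, so its value can be chosen arbitrarily.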
[root@master chapter7]# cat glusterfs-endpoints.yaml
apiVersion: v1
kind: Endpoints
metadata:
  name: glusterfs-endpoints
subsets:
- addresses:
  - ip: 172.16.2.36
  ports:
  - port: 24007
    name: glusterd
- addresses:
  - ip: 172.16.2.37
  ports:
  - port: 24007
    name: glusterd
- addresses:
  - ip: 172.16.2.38
  ports:
  - port: 24007
    name: glusterd
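First create the Endpoints resource glusterfs-endpoints, then create the pod resource vol-glusterfs to test persistent data storage.
IV. Cinder volumes
1. Field reference
In an IaaS environment built on OpenStack, Cinder's block storage is an effective way to give pod resources external persistent storage.
When a Cinder volume is defined on a pod resource, the following nested fields are available.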
[root@master ~]# kubectl explain pod.spec.volumes.cinder
KIND:     Pod
VERSION:  v1
RESOURCE: cinder <Object>
DESCRIPTION:
     Cinder represents a cinder volume attached and mounted on kubelets host
     machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
     Represents a cinder volume resource in Openstack. A Cinder volume must
     exist before mounting to a container. The volume must also be in the same
     region as the kubelet. Cinder volumes support ownership management and
     SELinux relabeling.
FIELDS:
   fsType <string>
     # Filesystem type of the volume to mount; it must at least be one the node's operating system supports
     Filesystem type to mount. Must be a filesystem type supported by the host
     operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to
     be "ext4" if unspecified. More info:
     https://examples.k8s.io/mysql-cinder-pd/README.md
   readOnly <boolean>
     # Whether to access the volume read-only
     Optional: Defaults to false (read/write). ReadOnly here will force the
     ReadOnly setting in VolumeMounts. More info:
     https://examples.k8s.io/mysql-cinder-pd/README.md
   secretRef <Object>
     Optional: points to a secret object containing parameters used to connect
     to OpenStack.
   volumeID <string> -required-
     # Volume identifier of the storage volume in Cinder; required field
     volume id used to identify the volume in cinder. More info:
     https://examples.k8s.io/mysql-cinder-pd/README.md
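2. Example manifest
The manifest below, defined in the file vol-cinder.yaml, is a usage example. It assumes that a Cinder volume has already been created in the OpenStack environment.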
[root@master chapter7]# cat vol-cinder.yaml
apiVersion: v1
kind: Pod
metadata:
  name: vol-cinder-pod
spec:
  containers:
  - image: mysql
    name: mysql
    args:
    - "--ignore-db-dir"
    - "lost+found"
    env:
    - name: MYSQL_ROOT_PASSWORD
      value: YOUR_PASS
    ports:
    - containerPort: 3306
      name: mysqlport
    volumeMounts:
    - name: mysqldata
      mountPath: /var/lib/mysql
  volumes:
  - name: mysqldata
    cinder:
      volumeID: e2b8d2f7-wece-90d1-a505-4acf607a90bc
      fsType: ext4
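The MySQL manifest above passes MYSQL_ROOT_PASSWORD as a literal env value, and the RBD manifest earlier authenticates as the Ceph admin user. The check below over Pod objects is an added example, not part of the original article; audit_pod, audit and the name pattern are hypothetical, and the sample is constructed from this page's manifests.

```python
import json
import re

# Heuristic for env var names that carry credentials (assumption, tune as needed).
CRED_NAME = re.compile(r"PASS|SECRET|TOKEN|KEY", re.I)

def audit_pod(pod):
    """Return (pod, location, issue) tuples for one Pod object given as a dict."""
    name, spec, findings = pod["metadata"]["name"], pod["spec"], []
    for container in spec.get("containers", []):
        for env in container.get("env", []):
            # A literal "value" keeps the credential in the Pod object itself.
            if "value" in env and CRED_NAME.search(env["name"]):
                findings.append((name, "env " + env["name"],
                                 "literal credential; use valueFrom.secretKeyRef"))
    for vol in spec.get("volumes", []):
        rbd = vol.get("rbd")
        if rbd is None:
            continue
        # The field reference above gives "admin" as the default rados user.
        if rbd.get("user", "admin") == "admin":
            findings.append((name, "volume " + vol["name"],
                             "rbd user is admin; use a user limited to the pool"))
        if "secretRef" not in rbd:
            findings.append((name, "volume " + vol["name"],
                             "no secretRef; key is read from a keyring file"))
    return findings

def audit(pod_list):
    """Audit every Pod in a List object (the shape of `kubectl get pods -o json`)."""
    return [f for pod in pod_list["items"] for f in audit_pod(pod)]

# Constructed sample: the relevant fields of vol-cinder-pod and vol-rbd-pod.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "vol-cinder-pod"},
   "spec": {"containers": [{"name": "mysql", "env": [
     {"name": "MYSQL_ROOT_PASSWORD", "value": "YOUR_PASS"}]}]}},
  {"metadata": {"name": "vol-rbd-pod"},
   "spec": {"containers": [{"name": "redis"}],
            "volumes": [{"name": "redis-rbd-vol", "rbd": {
              "pool": "kube", "image": "redis", "user": "admin",
              "secretRef": {"name": "ceph-secret"}}}]}}
]}
""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```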